Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rezafathi
Contributor

Fortigate 200F wan link not working

Hi,

 

We have 2 wan link, wan1 is mikrotik antenna and wan2 is from LTE modem. I configured port 2 for wan1 with private ip address (same subnet of antenna) and secondary ip address as valid ip. I did the same for wan2 with private and public ip address.i put them both in sdwan but there is no internet on either firewall or other devices. But when i connect one of wan ports to a mikrotik router and nat the private ip address between ftg and mikrotik , the internet will work on fgt. Please help me to find the solution.

Reza F.
Reza F.
6 REPLIES 6
dbhavsar
Staff
Staff

Hi @rezafathi 
Just make sure you have correct route and correct gateway IP if that does not help I believe you might need to open a ticket with TAC to better understand your config you have done.

DNB
hbac
Staff
Staff

Hi @rezafathi,

 

Did you configure default routes? If yes, were you able to ping the default gateway? 

 

Regards, 

rezafathi

yes I have default route and I can ping the default gateway.

Reza F.
Reza F.
hbac

@rezafathi,

 

Please run the following commands and provide the output:

 

get router info routing-table all

get router info routing-table database

execute ping 8.8.8.8

 

Regards, 

rezafathi

I managed to get the internet from LTE modem to work by enabling dhcp on fgt port. But my another internet link has a private ip which connects to a mikrotik antenna. The gateway is antenna private ip and i set the valid ip as secondary ip but no internet available. Also the sdwan is active.

Reza F.
Reza F.
aguerriero
Contributor II

Capturefdadfadfa.PNG

Are you running latest 7.2.X 

get router info routing-table all

you should see both wan1 and wan2 as available next hops.


when upgrading from 7.2.5 to 7.2.6.. My wan 2 interface had an admin distance of 5 where the wan 1 interface had an admin distance of 10. So the wan2 interface only ever showed up in the routing table and none of my SD-WAN rules that used WAN1 would work.

If you show the routing table and only wan1 or wan2 shows up, you should set the admin distance equal on the default route for both interfaces and also set the admin distance on the wan1 and wan2 interfaces to be equal on both. 

I think it has something to do with DHCP assigned gateways. A DHCP assigned gateway gets a default distance of 5 where the static assigned gateway will use the admin distance of the static route. 



Top Kudoed Authors